Effects of Individual Self-Protection, Industry Self-Regulation, and Government Regulation on Privacy Concerns: a Study of Location-Based Services

This article was downloaded by: [130.203.152.80] On: 19 February 2014, At: 06:34 Publisher: Institute for Operations Research and the Management Sciences (INFORMS) INFORMS is located in Maryland, USA

Information Systems Research

Publication details, including instructions for authors and subscription information: http://pubsonline.informs.org Research Note—Effects of Individual Self-Protection, Industry Self-Regulation, and Government Regulation on Privacy Concerns: A Study of Location-Based Services

Heng Xu, Hock-Hai Teo, Bernard C. Y. Tan, Ritu Agarwal,

To cite this article: Heng Xu, Hock-Hai Teo, Bernard C. Y. Tan, Ritu Agarwal, (2012) Research Note—Effects of Individual Self-Protection, Industry Self-Regulation, and Government Regulation on Privacy Concerns: A Study of Location-Based Services. Information Systems Research 23(4):1342-1363. http://dx.doi.org/10.1287/isre.1120.0416

Full terms and conditions of use: http://pubsonline.informs.org/page/terms-and-conditions

This article may be used only for the purposes of research, teaching, and/or private study. Commercial use or systematic downloading (by robots or other automatic processes) is prohibited without explicit Publisher approval. For more information, contact [email protected]. The Publisher does not warrant or guarantee the article’s accuracy, completeness, merchantability, fitness for a particular purpose, or non-infringement. Descriptions of, or references to, products or publications, or inclusion of an advertisement in this article, neither constitutes nor implies a guarantee, endorsement, or support of claims made of that product, publication, or service. Copyright © 2012, INFORMS

Please scroll down for article—it is on subsequent pages

INFORMS is the largest professional society in the world for professionals in the fields of operations research, management science, and analytics. For more information on INFORMS, its publications, membership, or meetings visit http://www.informs.org Information Systems Research Vol. 23, No. 4, December 2012, pp. 1342–1363 ISSN 1047-7047 (print) ISSN 1526-5536 (online) http://dx.doi.org/10.1287/isre.1120.0416 © 2012 INFORMS

Research Note Effects of Individual Self-Protection, Industry Self-Regulation, and Government Regulation on Privacy Concerns: A Study of Location-Based Services Heng Xu College of Information Sciences and Technology, The Pennsylvania State University, University Park, Pennsylvania 16802, [email protected] Hock-Hai Teo Department of Information Systems, National University of Singapore, School of Computing, Singapore 117418, [email protected] Bernard C. Y. Tan Department of Information Systems, National University of Singapore, School of Computing, Singapore 117418, [email protected] Ritu Agarwal Robert H. Smith School of Business, University of Maryland, College Park, Maryland 20742, [email protected] his study seeks to clarify the nature of control in the context of information privacy to generate insights into Tthe effects of different privacy assurance approaches on context-specific concerns for information privacy. We theorize that such effects are exhibited through mediation by perceived control over personal information and develop arguments in support of the interaction effects involving different privacy assurance approaches (individual self-protection, industry self-regulation, and government legislation). We test the research model in the context of location-based services using data obtained from 178 individuals in Singapore. In general, the results support our core assertion that perceived control over personal information is a key factor affecting context-specific concerns for information privacy. In addition to enhancing our theoretical understanding of the link between control and privacy concerns, these findings have important implications for service providers and consumers as well as for regulatory bodies and technology developers. Key words: privacy; context-specific concerns for information privacy; psychological control; control agency; individual self-protection; industry self-regulation; and government regulation History: Elena Karahanna, Senior Editor; Mariam Zahedi, Associate Editor. This paper was received on August 20, 2008, and was with the authors 24 months for 4 revisions. Published online in Articles in Advance April 18, 2012.

1. Introduction online transactions or adoptions of new technologies Information privacy is an increasingly critical concern in the presence of signiﬁcant privacy concerns. for many individuals around the world. The global It has been posited that individuals tend to have diffusion of mobile technologies and the unbounded lower privacy concerns if they perceive a certain options for gathering, storing, processing, disseminat- degree of control over the collection and use of their personal information (Dinev and Hart 2004, ing, and exploiting personal information trigger con- Xu et al. 2008). Considering the potential impor- sumer concerns (FTC 2010). Over the past decade, Downloaded from informs.org by [130.203.152.80] on 19 February 2014, at 06:34 . For personal use only, all rights reserved. tance of control in the context of information privacy, scholars in information systems have examined the this study explores and empirically demonstrates topic of privacy concerns (e.g., Angst and Agarwal the contribution of the psychological control theo- 2009, Bansal et al. 2010, Dinev and Hart 2006, Malho- ries to understanding information privacy. We con- tra et al. 2004, Son and Kim 2008) related to the collec- ducted an experimental study in the speciﬁc context tion and use of personal information from a variety of location-based services (LBS). Three privacy assur- of different perspectives. A general conclusion from ance approaches (individual self-protection, indus- this stream of research is that individuals would resist try self-regulation, and government legislation) were

manipulated in the experiment and their effects dissemination, and invasion activities. Culnan and on control perceptions and privacy concerns were Williams (2009) argue that these activities on infor- examined. mation reuse and unauthorized access by organiza- The current study contributes to existing pri- tions “can potentially threaten an individual’s ability vacy research in several important ways. First, prior to maintain a condition of limited access to his/her research has shown a lack of clarity in explicating personal information” (p. 675). Solove’s groundwork the link between control and privacy: some studies (2007) for a pluralistic conception of privacy differen- have defined privacy as control per se (e.g., Goodwin tiates the concept of privacy (as an individual state) 1991, Milne and Rohm 2000); others have positioned from the management of privacy (arising from organi- control as a key factor shaping privacy (e.g., Laufer zational information processing activities). From the and Wolfe 1977, Dinev and Hart 2004). There have perspectives of individuals (Dhillon and Moores 2001, been very few attempts to bring control theories into Schoeman 1984), we define privacy as a state of lim- privacy research to clarify the nature of control. The ited access to personal information. current research contributes to this controversial issue Another challenge faced in understanding privacy by explicating this control—privacy contention. Sec- is the diversity of measurements used by prior ond, following the call by Margulis (2003a, b), cur- research. Measures that have been adopted for the rent research has explicitly integrated the literature on examinations of privacy include attitudes toward pri- psychological control into theories of privacy. Toward vacy (e.g., Buchanan et al. 2007), concerns for privacy this end, we have adopted the control agency the- (e.g., Smith et al. 1996), and privacy-related behav- ory to make a theoretical distinction of different pri- ioral intentions (e.g., Dinev and Hart 2006). Based on vacy assurance approaches by explicitly linking them an extensive review of privacy literature, Smith et al. with different types of control agencies. Finally, most (2011) note that the variable of “privacy concerns” existing privacy research focuses on examining the becomes the central construct within IS research and individual effect of privacy assurance approaches it has become the proxy to operationalize the con- (e.g., Culnan and Bies 2003, Metzger 2006). Build- cept of “privacy.” Specifically, the Smith et al. (1996) ing on the control agency framework, this research Concern for Information Privacy (CFIP) scale has extends the literature by proposing interaction effects been considered as one of the most reliable scales of these privacy assurance approaches on alleviating for measuring privacy concerns, using four data- privacy concerns, based on the type of control agen- related dimensions: collection, errors, unauthorized cies they can provide. secondary use, and improper access to information. In what follows, we first provide an overview of As Bansal et al. (2008) note, these four dimensions of prior relevant literature to establish a theoretical foun- CFIP supported the underlying definitions of the U.S. dation for studying privacy, privacy concerns, control, Federal Trade Commission’s (FTC) fair information and privacy assurance approaches. Then we develop practices (FTC 2000), which include the stipulations the logic underlying the research hypotheses that that consumers be given notice that their personal relate different privacy assurance approaches to pri- information is being collected (mapped as collection of vacy concerns, mediated by perceived control. This is CFIP), consent with regard to the authorized use of followed by a description of the research methodol- their information (mapped as unauthorized secondary ogy and findings. The paper concludes with a discus- use of CFIP), access to personal data records to assure sion of the key results, directions for future research, data accuracy (mapped as errors of CFIP), and secu- and the practical implications of the findings. rity to prevent these data records from unauthorized access (mapped as improper access of CFIP). 2. Theoretical Development More recently, Malhotra et al. (2004) develop a multidimensional scale of Internet Users Information 2.1. The Concept of Privacy and the Construct of Privacy Concerns (IUIPC), which adapted the instru- Privacy Concerns ment of CFIP into the Internet context. Based on the Although various conceptions of privacy have been social contract and justice theories, IUIPC identified given in the literature, “the notion of privacy is three dimensions of Internet privacy concerns: collec- Downloaded from informs.org by [130.203.152.80] on 19 February 2014, at 06:34 . For personal use only, all rights reserved. fraught with multiple meanings, interpretations, and tion of personal information (rooted in the distribu- value judgments” (Waldo et al. 2007, p. x). The rich tive justice theory), control over personal information body of conceptual work has welcomed research to (rooted in the procedural justice theory), and aware- synthesize various conceptions and identify common ness of organizational privacy practices (rooted in ground. For example, Solove (2007) describes pri- the interactional and information justice theory). In this vacy as “a shorthand umbrella term” (p. 760) for research, we ground our work in the CFIP instead of a set of privacy problems resulting from informa- the IUIPC. This is because, compared to IUIPC’s focus tion collection, information processing, information on an individual’s subjective view of fairness, CFIP’s Xu et al.: Privacy Assurances, Perceived Control, and Privacy Concerns 1344 Information Systems Research 23(4), pp. 1342–1363, © 2012 INFORMS

focus on the organizational privacy practices natu- information privacy-related issues, researchers should exam- rally maps with the FTC’s fair information practices, ine not only consumers’ privacy concerns at a general level, which serve as the privacy standard used in the but also consider salient beliefs and contextual differences at United States to address consumer privacy concerns. a specific level. Following this call for examining privacy concerns 2.2. General vs. Context-Specific Concerns for at a specific level, we focus on context-specific as Information Privacy opposed to general concerns for information privacy In the IS field, most positivist studies on privacy in this research. Context has been defined as “stim- have operationalized the construct of privacy con- uli and phenomena that surround and, thus, exist cerns from two broad perspectives: some have treated in the environment external to the individual, most it as a general concern of worries over possible loss of often at a different level of analysis” (Mowday and information privacy across contexts (e.g., Awad and Sutton 1993, p. 198, as cited in Smith et al. 2011). Krishnan 2006, Bellman et al. 2004, Dinev and Hart We consider contexts to incorporate different tasks or 2006, Smith et al. 1996); others have approached it as a activities that consumers may undertake with differ- context-specific concern for information privacy regard- ent types of companies or websites (e.g., specific ven- ing particular websites or technologies (e.g., Bansal dors, online pharmacies, and social networking sites) et al. 2008, Junglas et al. 2008, Oded and Sunil 2009, as well as different types of information collected Pavlou et al. 2007). Emphasizing the role of contextual from consumers (e.g., behavioral, location, financial, factors in shaping privacy beliefs, scholars in com- health, and biographical). We argue that privacy con- puter science (Ackerman and Mainwaring 2005), law cerns are context-specific, based in the specifics of by (Solove 2006), and sociology (Margulis 2003a) have whom, why, when, and what type of personal infor- noted that it is important to theoretically draw a mation is being collected, distributed, and used. Con- distinction between general concerns for privacy and cerns for information privacy in any specific context context-specific concerns. For example, Ackerman and can be circumscribed by the elements within these Mainwaring (2005) point out that people’s expecta- specifics. In this research, we adapted the measures tions and problems concerning privacy may all differ of CFIP from a general level to a context-specific level when moving among areas of computation and tasks. and define context-specific CFIP as “consumers’ con- What may be a privacy concern in healthcare web- cerns about possible loss of privacy as a result of sites may be a very different problem for users than information disclosure to a specific external agent” (in in social networking websites. our case, a service provider) (Xu et al. 2011, p. 800). Therefore, we argue that these two types of privacy concerns (general versus context-specific concerns) 2.3. Psychological Perspective of Control have distinct characteristics: Individuals’ general con- Although the element of control is embedded in most cerns for information privacy reflect their inher- privacy definitions (e.g., Altman 1976, Goodwin 1991, ent needs and attitudes toward maintaining privacy, Johnson 1974) and has been used to operationalize which are conceived to be more stable across domains privacy in measurement instruments (e.g., Malhotra or contexts. Context-specific concerns for information et al. 2004), its meaning has been interpreted differ- privacy, on the other hand, tie the individuals’ assess- ently (see Table 1). For example, control has been used ments of privacy concerns to a specific context with a to refer to various targets such as the choice to opt out specific external agent, demanding that consumers be of an information exchange (Milne and Rohm 2000), involving in a dynamic assessment process in which ability to affect the dissemination and use of per- their privacy needs are evaluated against their information disclosure needs are weighed against infor- sonal information (Phelps et al. 2000), and secondary mation disclosure needs (Sheehan 2002). In terms of (indirect) control over the attainment of privacy- the relationship between these two types of privacy related outcomes (Johnson 1974). As Margulis (2003b) concerns, Li et al. (2011) have suggested that the pointed out, the very nature of control is ambigu- effect of general privacy concerns may be overridden ous in the context of information privacy. Similarly, by context-specific privacy concerns because of the Solove (2002) noted that “theorists provide little elab- impact of contextual factors associated with a specific oration as to what control really entails, and it is often Downloaded from informs.org by [130.203.152.80] on 19 February 2014, at 06:34 . For personal use only, all rights reserved. website and its information collection activities. In the understood too narrowly or too broadly” (p. 1112). IS field, Malhotra et al. (2004, p. 349) have made an Margulis (2003a) also pointed out that privacy the- explicit call for research on examining privacy con- orists had failed to adequately define the nature of cerns “at a specific level”: control in their theories of privacy. It seems that the 0 0 0 privacy research in the IS domain has paid little atten- frequent link between control and privacy has not tion to consumers’ perceptions specific to a particular contributed as much to clarifying privacy issues as context 0 0 0 0 However, our findings clearly reveal that to it should have. In response to the call for a stronger have a complete understanding of consumer reactions to theoretical basis for research on information privacy, Xu et al.: Privacy Assurances, Perceived Control, and Privacy Concerns Information Systems Research 23(4), pp. 1342–1363, © 2012 INFORMS 1345

Table 1 Frequent Linkage of Privacy and Control

Authors Conceptualization of privacy Role of control Meaning of control Nature of control

Altman (1976) Privacy is conceptualized as selective Privacy is defined as Control is conceptualized as an active Behavioral control of access to the self or to interpersonal control. and dynamic regulatory process. one’s group. Caudill and Murphy (2000) Privacy is defined as consumers’ Control is one dimension Control refers to the ability to decide Behavioral control of their information in a defining privacy. the amount and depth of marketing interaction and the information collected (i.e., through degree of their knowledge of the opt-in and opt-out options). collection and use of their personal information. Culnan (1993) Privacy is defined as the ability of an Control is a core dimension Control refers to the ability of Behavioral individual to control the access underlying attitudes toward individuals to decide how their others have to personal privacy. information is reused. Loss of information. control is operationalized as a dimension of privacy concerns. Dinev and Hart (2004) Privacy is defined as the right to Perceived ability to control is Control refers to the mechanism a Behavioral disclose information about oneself. an antecedent to privacy website provides for consumers to concern. control their submitted personal information. Goodwin (1991) Privacy is defined based on two Privacy is defined as control. Control refers to the ability to decide Behavioral dimensions of control: control of (a) the presence of other people in information disclosure and control the environment and (b) over unwanted intrusions into the dissemination of information environment. related to or provided during a transaction. Hoadley et al. (2010) Privacy is conceptualized as Illusory loss of control can Control is conceptualized as a Psychological individuals’ perceived control of lead to privacy concern. psychological perception (instead their information in an online social of actual controllability), and interaction and the ease of illusory loss of control, prompted information access by others. by the interface change, can trigger users’ privacy concerns. Johnson (1974) Privacy is defined as secondary Privacy is defined as Control is conceptualized with two Behavioral control in the service of behavioral selection dimensions: primary (direct) and need-satisfying outcome control. secondary (indirect) personal effectance. control over the attainment of privacy-related outcomes. Laufer and Wolfe (1977) Privacy is tied to concrete situations Control is a mediating variable Control refers to the ability to choose Behavioral with three dimensions: self-ego, in the privacy system. how, under what circumstances, environmental, and interpersonal. and to what degree the individual is to disclose information. Malhotra et al. (2004) Privacy is defined as the claim of Control is viewed as a Control refers to individuals’ ability to Behavioral individuals, groups, or institutions dimension of privacy decide how their information is to determine for themselves when, concern. collected, used, and shared. how, and to what extent information about them is communicated to others. Milne and Rohm (2000) Privacy is defined as a state, on the Control is one dimension Control refers to the ability to remove Behavioral basis of who controls consumer defining privacy. names from marketing list (i.e., data and whether consumers are through opt-out mechanism). informed of information collection and privacy rights. Phelps et al. (2000) Privacy refers to the ability to affect Control is one dimension Control refers to the ability to Behavioral Downloaded from informs.org by [130.203.152.80] on 19 February 2014, at 06:34 . For personal use only, all rights reserved. the dissemination and use of defining privacy and is an influence how personal information personal information and control antecedent to concern for is used and who will have access over unwanted use. firms’ information to it. practices. Zweig and Webster (2002) Privacy is implicitly defined as the Control is an antecedent to Control is operationalized as the Behavioral extent to which people can control perceived invasion of technical ability to control over the release and dissemination of privacy. when one’s video image is personal information. displayed. Xu et al.: Privacy Assurances, Perceived Control, and Privacy Concerns 1346 Information Systems Research 23(4), pp. 1342–1363, © 2012 INFORMS

this study explores and empirically demonstrates the been generally defined as an individual’s beliefs contribution of psychological control perspective to about the presence of factors that may facilitate or the understanding of privacy concerns. impede performance of the behavior (Ajzen 2001). As shown in Table 1, there has been movement Being cognitive in nature, perceived control is sub- toward the interpretation of control as the ability jective and need not necessarily involve attempts to of consumers to voice or exit in order to influence effect a behavioral change (Langer 1975). That is to changes in organizational privacy practices they find say, perceived control may be based on the indi- to be objectionable (Malhotra et al. 2004). For exam- vidual’s evaluation of the objective reality (i.e., the ple, Stewart and Segars (2002, p. 40) noted that “while resources and opportunities facilitating personal con- consumers’ privacy concerns may relate to very spe- trol), or it might be based on the individual’s attempts cific information practices such as collection, sec- to “give up control” to someone who is more able ondary use, access, and errors, the supra concern that than oneself to produce the desired outcome (Miller accounts for the interdependencies among these fac- 1980). In this research, we define perceived control tors may be the degree of control over their personal over personal information as an individual’s belief information that is retained by the consumer.” Such about the presence of factors that may increase or focus on actual control in the IS literature, however, decrease the amount of control over the release and excludes those aspects of psychological control that dissemination of personal information. may not directly involve behavioral attempts to effect a change. Hoadley et al. (2010) echoed the impor- 2.4. Privacy Assurance Approaches: A Control tance of psychological control by noting that privacy Agency Perspective is not simply related to the factual state of informa- In the privacy literature, control has been under- tion disclosure, access, and use (i.e., zeros-and-ones stood as a form of information ownership (Westin of data privacy). In their analysis of the event of the 1967) conceptualized as the individual choice to opt Facebook News Feed privacy outcry, Hoadley et al. in to or opt out of an electronic information exchange (2010) pointed out that “no privacy (from a zeros- environment completely or selectively (Caudill and and-ones perspective) was compromised due to the Murphy 2000), or operationalized as the technical introduction of the feed features” (p. 57), because ability to control the information display (Zweig and “Facebook’s old and new interfaces are isomorphic” Webster 2002). This body of literature’s focus on indi- (p. 55) in terms of the actual controllability over who vidual control, however, makes it too narrow a concep- had access to what information. Yet the News Feed tion because it excludes those aspects of control that features “induce lower levels of perceived control over are beyond individual choice. The follow-up ques- personal information due to easier information access, which in turn leads to a subjectively higher perception tion is whether individuals are able to execute signif- of privacy intrusion” (Hoadley et al. 2010, p. 57). icant information control in all circumstances, given The above discussions indicate that the perceived discrepancies in awareness and power in the pro- loss of control over personal information may be a cess of data gathering and transfer (Schwartz 1999). function of not only objective reality but also “the The implication is that privacy assurance “is not individual’s subjective beliefs, vicarious observations, just a matter for the exercise of individual actions and biases” (Hoadley et al. 2010, p. 57). “Veridical- but also an important aspect of institutional struc- ity is not necessary or sufficient to bring about the ture” (Xu et al. 2011, p. 799). As Solove (2002) perception of control, although the perception of con- noted, “[P]rivacy 0 0 0 is not simply a matter of individ- trol, however illusory, may have a profound effect ual prerogative; it is also an issue of what society on the individual” (Wallston 2001, p. 49, as cited in deems appropriate to protect” (p. 1111). To provide Hoadley et al. 2010). The case of the Facebook News a richer conceptual description of privacy assurance, Feed privacy outcry has demonstrated how an “illu- this research demonstrates the contribution of control sory” loss of control, prompted by the introduction agency theory to the understanding of privacy assur- of News Feed features, triggered users’ privacy con- ance approaches. In particular, the control agency cerns. To provide a richer conceptual description of theory allows us to not only examine the effects of Downloaded from informs.org by [130.203.152.80] on 19 February 2014, at 06:34 . For personal use only, all rights reserved. control, this study explores and empirically demon- personal control, in which the self acts as the control strates the contribution of psychological control the- agent to protect privacy, but also include proxy control, ories to the understanding of control in the privacy in which powerful others (such as the government context. and industry regulators) act as the control agents to In the psychology literature, control is commonly protect privacy. treated as a perceptual construct because perceived Two paths to enhancing control perceptions can be control affects human behavior much more than identified from the control agency perspective, which actual control (Skinner 1996). Perceived control has differentiates control conceptually among its various Xu et al.: Privacy Assurances, Perceived Control, and Privacy Concerns Information Systems Research 23(4), pp. 1342–1363, © 2012 INFORMS 1347

components. First, perceived control can be ampli- of these privacy assurance approaches on influenc- fied by having direct personal control, where the con- ing privacy related beliefs are intuitively appealing trol agent is the self (Bandura 2001, Skinner 1996). and have been indirectly supported in prior research. Individuals who value personal agency would prefer Our study is particularly interested in the interac- exercising direct personal control because they “would tion effects, i.e., how interactions of these privacy especially feel themselves more self-efficacious when assurance approaches may collectively influence pri- their agency is made explicit” (Yamaguchi 2001, vacy concerns through the effect on perceived control. p. 226). Personal agency suggests that individuals are Because these mechanisms do not appear in isolation motivated to act upon opportunities that allow them in practice, their individual effects are less likely to to be the sole initiator of their behavior (Bandura be ecologically informative than are their interaction 2001). Second, perceived control can be increased by effects. having proxy control, where the control agent is pow- 2.5. Privacy Concerns Pertaining to erful others (Bandura 2001, Yamaguchi 2001). With Location-Based Services proxy control, individuals attempt to align themselves In contrast to most privacy research that was con- such that they are able to gain control through power- ducted in the conventional Web context (e.g., Bansal ful others. In proxy agency, “people try by one means et al. 2010, Dinev and Hart 2006, Son and Kim 2008), or another to get those who have access to resources we develop and empirically test a research model or expertise or who wield influence and power to act in an understudied context of location-based services at their behest to secure the outcomes they desire” (LBS). LBS have a number of characteristics that make (Bandura 2001, p. 13). them particularly suitable for current research. First, The privacy literature describes three major positioning systems are likely to endure as an impor- approaches to help protect information privacy: indi- tant technology because of the significant investments vidual self-protection, industry self-regulation, and made in their development and associated telecom- government legislation (Culnan and Bies 2003, Son munication infrastructure (ABI 2011, FTC 2009). Rep- and Kim 2008, Tang et al. 2008, Xu et al. 2010). utable firms like Google, Yahoo, and Facebook as These approaches fall into two generic categories well as startups like Foursquare, Gowalla, Loopt, and based on the type of control agency they provide: per- many others are entering the market of LBS. Con- sonal control enhancing mechanism and proxy control sequently, LBS that utilize spatial location informa- enhancing mechanism. The former control enhanc- tion to provide value-added services to users will ing mechanism (via individual self-protection) com- become a prevalent phenomenon globally (ABI 2011). prises tools and approaches that enable individuals Second, compared with the Internet environment, to directly control the flow of their personal infor- the ubiquitous computing environment offers indi- mation to others. As is evident with individual self- viduals higher potential for control over communica- protection, the agent of control is the self and the tion and exchange of personal information (Junglas effect of this agency arises due to the opportunity and Watson 2006). Therefore, understanding the link for direct personal control. The latter mechanism between perceived control and privacy concerns has (via industry self-regulation or government legisla- become much more important. Finally, in a context characterized by ubiquity and tion) refers to the institution-based approaches where uniqueness where consumers engage more activities powerful forces (i.e., government legislator or indus- that collect, analyze, and visualize personal infor- try self-regulator) act as the control agents for con- mation, privacy concerns have become particularly sumers to exercise proxy control over their personal salient (ABI 2011). As highlighted in the FTC’s recent information. town hall meeting on the mobile marketplace, the In general, the public has been skeptical about use of LBS often discloses the goegraphical loca- the efficacy of individual self-protection and indus- tion information of a user in real time, rendering try self-regulation for protecting information privacy the potential for privacy intrusions very significant (Culnan 2000, Tang et al. 2008, Turner and Dasgupta (FTC 2009). These concerns pertain to the mobile 2003). As a result, privacy advocates continue to devices’ automatic generation and transmission of Downloaded from informs.org by [130.203.152.80] on 19 February 2014, at 06:34 . For personal use only, all rights reserved. demand stronger government regulation to restrain consumers’ location information; the confidentiality abuse and mishandling of personal information by of accumulated personal data (e.g., their location data, companies (Culnan 2000, Swire 1997). Prior research identity, and behavior data); and the potential risk on privacy assurance approaches has focused on that individuals would experience with a breach of how these approaches individually influence privacy confidentiality (FTC 2009). To the degree that that pri- beliefs and privacy related constructs such as privacy vacy concerns represent a major inhibiting factor in concerns, trust, or perceived risks (Hui et al. 2007, the adoption of LBS (ABI 2011), it is important to Son and Kim 2008, Tang et al. 2008). The direct effects understand how such concerns can be addressed. Xu et al.: Privacy Assurances, Perceived Control, and Privacy Concerns 1348 Information Systems Research 23(4), pp. 1342–1363, © 2012 INFORMS

Figure 1 Research Model

Individual self-protection (ISP)

Personal control agency H2

Industry Perceived control Context-specific self-regulation (REG) concerns for H3 over personal H1 information (CTL) information privacy (CFIP) Government legislation (LEG)

Proxy control agency Control variables • Age • Gender • Education • Desire for information control • Trust propensity Not specifically hypothesized but path included for statistical testing • Privacy experience

3. Research Model and Hypothesis per se. This distinction enables us to avoid conflating Development the concept of privacy with the concept of control, Figure 1 presents the research model. In sum, which is used to justify the effects of privacy assur- the theoretical foundation for this study is cen- ance approaches through different control agencies. tered on the control agency theory (Bandura 2001, Prior privacy research suggests that consumers Yamaguchi 2001), which suggests that mechanisms tend to have lower levels of privacy concerns when triggering control perceptions over personal informa- they believe that they have control over the disclo- tion can be instrumental in alleviating privacy con- sure and subsequent use of their personal informa- cerns. By explicitly associating different mechanisms tion in a specific situation (Culnan and Armstrong with different forms of control agency, the interaction 1999, Culnan and Bies 2003, Phelps et al. 2000). effects of these mechanisms can be predicted. In the In other words, perceived control helps reduce peo- following sections, we present arguments for why ple’s context-specific privacy concerns if they per- each mechanism is expected to enhance perceived ceive current and future risks as low (Milne and control. Then the research hypotheses are constructed Culnan 2004). Empirical evidence has revealed that around interactions between the personal and proxy consumers’ control perceptions over collection and control enhancing mechanisms. dissemination of personal information are negatively related to privacy concerns regarding particular web- 3.1. Effects of Perceived Control on sites (Xu et al. 2008). These considerations suggest Context-Specific Privacy Concerns that in a specific context, individuals tend to have Although control has received attention as the com- lower privacy concerns if they get a sense of greater mon core of definitions of privacy (e.g., Awad and control over their personal information that is col- Krishnan 2006, Son and Kim 2008), researchers in law lected and used by a specific company. Following this and social science have noted that it is important to perspective, we propose that perceived control over treat these two concepts as separate and supporting personal information is negatively related to context- concepts (Margulis 2003a, b; Solove 2002). Waldo et al. specific privacy concerns. (2007) argued that “control over information cannot Hypothesis 1 (H1). Perceived control over personal be the exclusive defining characteristic of privacy”

Downloaded from informs.org by [130.203.152.80] on 19 February 2014, at 06:34 . For personal use only, all rights reserved. information has a negative effect on the context-speciﬁc (p. 61) and privacy is more than control. Similarly, DeCew (1997) pointed out that “we often lose con- concerns for information privacy. trol over information in ways that do not involve 3.2. Effects of Privacy Assurance Approaches on an invasion of our privacy” (p. 53). Consistent with Personal Control the emphasis in the law and social science literature on the relationship between control and privacy, 3.2.1. Personal Control Through Individual Self- we argue in this research that control is a key variable Protection. Individuals are striving for primary con- in determining privacy state but privacy is not control trol over their environment when they exercise Xu et al.: Privacy Assurances, Perceived Control, and Privacy Concerns Information Systems Research 23(4), pp. 1342–1363, © 2012 INFORMS 1349

personal control through individual self-protection seals (e.g., TRUSTe)1 that are designed to confirm actions (Weisz et al. 1984). Such a mechanism sufficient privacy assurance (Culnan and Bies 2003). empowers individuals with direct control over how An example of an industry self-regulator is the their personal information may be gathered by Cellular Telecommunications and Internet Associa- service providers. The privacy literature (Culnan tion (CTIA), which has established guidelines for and Bies 2003, Milne and Culnan 2004, Son and LBS providers to handle personal information linked Kim 2008) describes two major types of individ- to location (CTIA 2008). Other examples, including ual self-protection approaches: nontechnological and groups such as TRUSTe, have prescribed responsi- technological approaches. An array of nontechnolog- ble privacy practices and implementation guidelines ical self-protection approaches has been discussed in for LBS providers to safeguard private information terms of reading privacy policies, refusal to reveal (TRUSTe 2004). personal information, misrepresentation of personal Prior research has shown that companies that information, removal from mailing lists, negative announce membership in self-policing associations or word-of-mouth, complaining directly to the online seals of approval foster consumers’ perceptions of companies, and complaining indirectly to third-party control over their personal information (Xu et al. organizations (see Son and Kim 2008 for a review). 2008). Further, failure to abide by the terms of self- In the context of this research, we focus on examin- policing associations or seals of approval can mean ing technological self-protection approaches because termination as a licensee of the program or “referral to these technological privacy assurances have been the appropriate law authority, which may include the understudied in the IS field. appropriate attorney general’s office, the FTC, or the Technological self-protection approaches comprise Individual Protection Agency” (Xu et al. 2011, p. 806). privacy-enhancing technologies (PETs) that allow Thus these self-regulatory structures create incentives individuals to protect their information privacy for companies to refrain from behaving opportunisti- by directly controlling the flow of their personal cally (Tang et al. 2008). Hence in the context of LBS, information to others (Burkert 1997). PETs are quite we argue that having seals like TRUSTe certifying numerous, with technologies such as anonymous web a firm’s privacy practices may facilitate individuals’ surfing and communication tools, cookie manage- beliefs that they are able to execute proxy control over ment tools, and the Platform for Privacy Preference their personal information. (P3P) and its user agents (Cranor 2002). In the context of online social networks, to assuage user perceptions 3.2.3. Proxy Control Through Government Reg- of privacy invasions, a number of social networking ulation. According to Xu et al. (2010), “government sites have been rolling out privacy-enhancing features regulation is another commonly used approach that that provide users with the capabilities to limit infor- relies on the judicial and legislative branches of mation disclosure and access (Hoadley et al. 2010). a government for protecting personal information These privacy enhancing features can provide users (p. 143).” Legal action was taken by the European with means to control the disclosure, access, and use Commission in the Directive on privacy and elec- of their personal information and thus may increase tronic communications (2002/58/EC)2 that explicitly the level of perceived control. In the specific context requires location information to be used only with of LBS, users are given PETs to turn off the location the consent of individuals and only for the dura- tracking from their mobile devices (Barkhuus et al. tion necessary to provide the specific services. This 2008, Tsai et al. 2010). Some devices also allow users directive further requires that individuals be provided to specify the accuracy of location information to be with simple means to temporarily deny the collection released to LBS providers (Barkhuus et al. 2008, Tsai and use of their location information. In the United et al. 2010). Hence, having mobile devices with PETs States, the Location Privacy Act of 20113 was drafted should facilitate individuals’ beliefs that they can exe- to safeguard user location information by requiring cute direct control over their personal information in any nongovernmental entities to obtain user consent the context of LBS. before collecting or distributing the location data. The main focus of this bill is to obtain consent from users 3.2.2. Proxy Control Through Industry Self- Downloaded from informs.org by [130.203.152.80] on 19 February 2014, at 06:34 . For personal use only, all rights reserved. Regulation. Industry self-regulation is a commonly 1 used approach that mainly consists of industry See Direct Marketing Association at http://www.the-dma.org and TRUSTe at http://www.truste.org/ for examples. codes of conduct and self-policing trade groups 2 and associations as a means of regulating privacy See Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002: http://eur-lex.europa.eu/LexUriServ/ practices. In practice, third-party intervention has LexUriServ.do?uri=OJ:L:2002:201:0037:0037:EN:PDF. been employed to provide trustworthiness to com- 3 Location Privacy Protection Act of 2011, S. 1223, 112th Cong. panies through membership of self-policing associa- §3 (2011): http://franken.senate.gov/files/docs/Location_Privacy tions (e.g., Direct Marketing Association) or privacy _Protection_Act_of_2011_Bill_Text.pdf. Xu et al.: Privacy Assurances, Perceived Control, and Privacy Concerns 1350 Information Systems Research 23(4), pp. 1342–1363, © 2012 INFORMS

of mobile devices before their locations are collected affecting control perceptions. In addition, because and shared with commercial entities or third parties these mechanisms do not appear in isolation in prac- such as advertisers.4 tice, their individual effects are less likely to be With government regulation, individuals can ecologically informative than are their interaction relinquish personal control and instead allow the leg- effects. Accordingly, we propose a theoretical possi- islation to exercise proxy control (on their behalf) bility based on the notion that individuals tend to to protect their personal information. Spiro and minimize the amount of effort on information pro- Houghteling (1981) indicated that the legal system cessing and would not process more information than is the most powerful approach for the execution of necessary (Berghel 1997, Eppler and Mengis 2004). proxy control because it requires that offenders be Therefore, if one of the two control agencies is suffi- punished in order to maintain its deterrent effective- cient to make a relatively risk-free judgment, the exis- ness. The legislation can decree the types of personal tence of other mechanisms may not matter much. To information companies and third parties are allowed investigate this proposition, we look into the interac- to collect from consumers as well as the ways that col- tion effects of the two control enhancing mechanisms lected information should be protected against misuse by comparing the sources of control agency for each and breach (Swire 1997). Through enforcement agen- mechanism. cies, regulations specify rules and provide redress to As discussed above, the differences in the three individuals who are harmed when the law is violated privacy assurance approaches can be attributed to (Culnan and Bies 2003). Thus we argue that through the differences in control agency (which is either self the government legislation, individuals can exercise agency triggering personal control or powerful oth- proxy control over the collection and use of their per- ers agency triggering proxy control). When individ- sonal information by service providers in the context uals are placed in control of situations that affect of LBS. them (i.e., control agency is self), they would often feel greater autonomy (Yamaguchi 2001). For exam- 3.2.4. Interaction Effects Between Personal and ple, in a study about location-based applications, Proxy Control. Thus far, we have argued that each Barkhuus and Dey (2003) found that when users are of the three privacy assurance approaches can poten- provided the options to indicate their own settings tially alleviate privacy concerns via their effects on the of how an application should collect their location level of perceived control. The direct effects are intu- information, they feel more in control of their inter- itively appealing and have been indirectly supported action with the technology. Cognitively, self agency in prior research. For example, regarding the direct motivates greater user engagement and involvement, effect of individual self-protection through PETs, prior which is likely to result in positive attitudes given research has indicated that having mobile devices its guaranteed consonance with individual interests with PETs to specify users’ privacy preferences makes (Yamaguchi 2001). Empirical evidence has shown that users feel more in control of their personal informa- imbuing the user with a sense of personal agency tion and thus alleviates their privacy concerns per- can have a powerful effect on attitudes because of taining to LBS (e.g., Barkhuus and Dey 2003). For its inherent egocentrism (Sundar and Marathe 2010). the industry self-regulation approach, empirical evi- Individual self-protection that activates self agency dence has revealed that having third-party privacy by its very nature is expected to provide users with seals certifying a firm’s privacy practices can increase control of the flow of personal information from consumers’ control perceptions (e.g., Xu et al. 2008). their own hands. Thus, compared with proxy agency Under the government regulation approach, research where control is placed in the hands of other par- has suggested that the privacy protection standards ties, self agency via individual self-protection serves set by the government allow consumers to believe to inculcate a greater sense of agency in users them- that companies will protect their disclosed infor- selves, which could have a stronger impact on their mation post-contractually, thereby increasing their perceived control over personal information. In a par- perceived control over their personal information ticular context of information disclosure, once people (e.g., Tang et al. 2008). disclose their personal information, they have no abil- Our focus of this research, however, is not on ity to know what is actually being done with it and no Downloaded from informs.org by [130.203.152.80] on 19 February 2014, at 06:34 . For personal use only, all rights reserved. the direct effects of the three privacy assurance ability to change practices they object to. Therefore, approaches. Rather, we are interested in the extent to when there is self agency available for individuals to which personal control enhancing mechanism inter- control their personal information, they are likely to acts with proxy control enhancing mechanism in have less of a need for proxy control via industry self- regulation or government legislation.

4 See also the Location Privacy Protection Act of 2011 (S. 1223) Hypothesis 2 (H2). The availability of personal con- Bill Summary: http://franken.senate.gov/ﬁles/docs/110614_The trol diminishes the effects of proxy control via industry _Location_Privacy_Protection_Act_of_2011_One_pager.pdf. self-regulation. Xu et al.: Privacy Assurances, Perceived Control, and Privacy Concerns Information Systems Research 23(4), pp. 1342–1363, © 2012 INFORMS 1351

Hypothesis 3 (H3). The availability of personal con- greater control over personal information were much trol diminishes the effects of proxy control via government more likely to have higher privacy concerns than legislation. were consumers who desire less control over personal information (Phelps et al. 2000). Although prior 3.3. Control Variables research only demonstrated the influence of desire Scholars have identified two categories of factors that for information control in influencing general privacy have a direct bearing on consumers’ privacy con- concerns, we control for its influence because it could cerns in a specific context, including (i) individual’s potentially influence the degree of privacy concerns personal characteristics and (ii) situational cues that in a specific context. enable a person to assess the consequences of infor- Third, we include interpersonal difference in terms mation disclosure (Xu et al. 2008). In this research, of previous privacy experience as a covariate in the we have examined the availabilities of privacy assur- model. Individuals who have been exposed to or been ance approaches (individual self-protection, industry the victim of personal information abuses are found self-regulation, and government legislation) as salient to have stronger concerns for information privacy in situational cues that influence individuals’ privacy general (Smith et al. 1996). We argue that although concerns in the specific context of LBS. Factors related prior research only demonstrated the influence of pre- to individual characteristics other than those situa- vious privacy experience in affecting general privacy tional cues mentioned previously may influence indi- concerns, we control for its influence because it may viduals’ reactions to privacy concerns. To control for potentially affect the degree of privacy concerns in a those unknown effects, we have included interper- specific context. sonal differences as covariates in the model. First, we included three demographic characteristics (Culnan 1995, Malhotra et al. 2004): age, gender, and 4. Research Method education. Demographic differences have been found 4.1. Experimental Design and Manipulation to influence the degree of general privacy concerns. An experimental study was conducted to test For example, it was found that those consumers who the research hypotheses. Three privacy assurance were less likely to be concerned about privacy were approaches were manipulated independently, and more likely to be young, male, and less educated their effects on individuals’ psychological responses (Culnan 1995, Sheehan 1999). Although prior research were examined. A location tracking service (location- only demonstrated the influences of these demo- aware mobile-coupon service) was utilized because graphic variables in affecting general privacy concerns, LBS providers with this type of application tend to be we control for their influences because they could more aggressive in promoting their services through potentially affect the degree of privacy concerns in a active tracking of user location information, thereby specific context of LBS. resulting in greater privacy concerns among users Second, personality traits have been found to affect (Barkhuus and Dey 2003). general privacy concerns in prior research. In this The experiment had a 2 × 2 × 2 factorial design. research, the individual personality differences we Eight experimental scenarios were created by manip- examine are trust propensity and desire for infor- ulating the presence and absence of three privacy mation control. Trust propensity has been defined as assurance approaches (individual self-protection, “the extent to which a person displays a tendency to industry self-regulation, and government legisla- be willing to depend on others across a broad spec- tion). Individual self-protection (ISP) was manipulated trum of situations and persons” (McKnight et al. 2002, by providing technological self-protection features, p. 339). Trust propensity increases trust belief in a spe- i.e., privacy control functions in mobile devices (see cific context (e.g., toward a service provider; Pavlou Appendix C, which is available as part of the and Gefen 2004) and thus may decrease individu- online version that can be found at http://dx.doi.org/ als’ specific concerns for information privacy (Hui 10.1287/isre.1120.0416). Based on Barkhuus and Dey et al. 2007). Therefore, we treat this factor as a con- (2003), we manipulated individual self-protection trol variable in this research. Desire for information con- by providing subjects with an interactive graphi- Downloaded from informs.org by [130.203.152.80] on 19 February 2014, at 06:34 . For personal use only, all rights reserved. trol reflects individuals’ expected control over what cal interface of a mobile device that allows them organizations do with their information as well as to restrict their location information released to the the amount and types of information organizations LBS provider. Because TRUSTe is widely adopted will collect (Phelps et al. 2000). This variable has been and the seal is applicable for the wireless indus- conceptualized as an individual’s general tendency to try, industry self-regulation (REG) was manipulated desire information control, which is possessed by all by showing subjects a TRUSTe seal with a URL individuals to a greater or lesser degree (Phelps et al. link to the privacy policy of the LBS providers (see 2000). Research suggests that consumers who desire Appendix D1). A brief introduction explaining the Xu et al.: Privacy Assurances, Perceived Control, and Privacy Concerns 1352 Information Systems Research 23(4), pp. 1342–1363, © 2012 INFORMS

mission of TRUSTe was also given to the subjects and infrastructure. We adapted the items measuring to make sure they understood the significance of perceived control in the context of health psychology the TRUSTe seal (see Appendix D2). We manipu- (Reed et al. 1993) to focus on perceived control over lated government legislation (LEG) by telling the sub- personal information in the context of privacy. We inte- jects that the use of LBS was governed by a newly grated elements related to the measures of perceived enacted location privacy law which covered the col- control over information release and over unwanted lection and use of their personal information. Subjects access and use. were also presented with a piece of news related to Control Variables. To the extent possible, scales for the recent enactment of the location privacy law (see the control variables were adapted from prior studies Appendix E). to fit the context of this research. Desire for information control was assessed with three indicators that were 4.2. Operationalization of Variables and taken from Phelps et al. (2000). The measurement Pilot Study items focus on an individual’s expected control over Context-Specific Concerns for Information Privacy (CFIP): what companies do with their information as well We adapted the scale of CFIP developed by Smith as the amount and types of information companies et al. (1996) to measure privacy concerns pertaining will collect (Phelps et al. 2000). Privacy experience was to LBS. It has been demonstrated in the privacy lit- measured with three questions adapted from Smith erature (e.g., Angst and Agarwal 2009, Stewart and et al. (1996), and trust propensity was measured with Segars 2002) that CFIP was better modeled as a reflec- 5 three questions taken from McKnight et al. (2002). See tive second-order factor. When adapting CFIP into Appendix A for the operationalization details. the Internet context to develop the scale of IUIPC, The initial set of items was reviewed by six Malhotra et al. (2004) theorized and operationalized information systems faculty members and doctoral IUIPC using a reflective second-order factor. Given students and modestly modified as a result of the the strong theoretical and empirical evidence, we con- feedback. Next, we conducted a pilot study involv- ceptualized CFIP as a reflective second-order factor ing 86 graduate and undergraduate students to assess comprising four first-order components: collection of the strength of the manipulations, gauge the clarity personal information, unauthorized secondary use of per- of the questions, and verify the clarity and con- sonal information, errors in personal information, and ciseness of the experimental procedure and instruc- improper access to personal information. Changes were tions. The participants provided detailed feedback made to the instrument of CFIP to reflect privacy con- through interviews. Based on this feedback, we clar- cerns specific toward the LBS by replacing the word ified and streamlined the experimental instructions, companies to the company, referred to as the specific reorganized the instrument layout, and reworded service provider of LBS. some items. Perceived Control over Personal Information (CTL) was 6 measured using five reflective indicators. Prior pri- 4.3. Procedure and Task vacy literature (Goodwin 1991, Hoffman et al. 1999, At the start of each experimental session, the sub- Phelps et al. 2000, Spiekermann and Cranor 2009) jects were told that all instructions were available noted that control over personal information may online and that they should read the instructions be governed by two larger dimensions: (1) control carefully and complete the experiment independently. over information release at the frontend where personal After logging into the Web-based experimental sys- data flow in and out of users and (2) control over tem, the subjects answered a pre-session question- unwanted access and use of personal information at the naire that collected personal information for control backend where personal data are processed, stored, checks. Next, we provided a cover story to all sub- and transferred across different data sharing networks jects (see Appendix B). They were told that Com- pany A would soon be introducing an LBS application 5 Slyke et al. (2006) was the exceptional case in which CFIP was (location-aware mobile-coupon service) in the market modeled as a formative second-order factor. We conducted robust- and that their feedback was being solicited to evalu- ness test by re-running the PLS analyses with CFIP as a formative factor. Some path coefficients in this new model were slightly dif- ate this service. General information about the service Downloaded from informs.org by [130.203.152.80] on 19 February 2014, at 06:34 . For personal use only, all rights reserved. ferent from our current model in which CFIP was modeled as a provider and the service was also provided to the sub- reflective factor. But there was no significant change in terms of the jects. The experimental system tracked the browsing overall pattern of results. history of the subjects to ensure that all the pertinent 6 Similarly to the case of CFIP, we conducted robustness tests by experimental materials were read. re-running the PLS analyses with CTL as a formative factor. Some Next, the Web-based experiment system randomly path coefficients in this new model were slightly different from our current model in which CTL was modeled as a reflective factor. But generated an experimental scenario such that each there was no significant change in terms of the overall pattern of subject had an equal and independent chance of results. being assigned to any of the eight experimental Xu et al.: Privacy Assurances, Perceived Control, and Privacy Concerns Information Systems Research 23(4), pp. 1342–1363, © 2012 INFORMS 1353

treatments. Subjects assigned to treatments involv- respondents with the general demographic character- ing individual self-protection were provided with the istics of the whole Singaporean mobile phone users interactive graphical interface of privacy enhancing reported by Singapore Statistics8 and the annual sur- features (see Appendix C). Subjects assigned to treat- vey by Infocomm Development Authority (iDA).9 The ments involving industry self-regulation were shown respondents did not differ from a nationally represen- the TRUSTe seal and the URL link to the privacy tative sample in terms of gender ratio, age, mobile policy (see Appendix D1 and D2). Finally, subjects phone usage, and Internet and online shopping expe- assigned to treatments involving government legis- rience. Nonresponse bias (Armstrong and Overton lation were given the privacy protection laws and 1977) was also assessed by verifying that (1) the a piece of enforcement news (see Appendix E). The respondents’ demographics are consistent with cur- order for presenting these treatments was random- rent mobile phone users in Singapore and (2) that ized by our online experiment system. To conclude early and late respondents were not significantly dif- the experiment, the subjects answered a post-session ferent. Early respondents were those who responded questionnaire that contained the questions measuring within the first week (48%). The two groups of early perceived control, context-specific concerns for infor- and late respondents were compared based on their mation privacy, and other information for manipula- demographics (age, gender, education, income, and tion checks. Subject responses to the meaningfulness mobile application usage experience); perceived con- of the task (see Appendix A for questions used for trol; privacy concerns; desire for information control; task validity check) were significantly higher than the trust propensity; and privacy experience. All t-test neutral value. comparisons between the means of the two groups showed insignificant differences. Thus, we believe 4.4. Participants that the demographics of our participants who clicked We recruited participants by posting announcements on the link to our experiment are roughly consis- on the major Web portals in Singapore. The post- tent with those of the general mobile phone users in ing provided some background about the researchers Singapore. and the study without revealing the experimental treatments and invited forum participants to com- 5. Data Analyses and Results plete this study. Those who chose to participate could easily do so by clicking on the URL provided in 5.1. Manipulation and Control Checks the posting, which would take them into the experi- Experimental manipulations were checked by three mental system. This recruitment procedure yielded a steps. First, JavaScript programming was used to log total of 198 subjects. To motivate participants to com- the time each subject spent on the treatment page in plete this study, a lottery with four prizes7 (a mobile order to verify that subjects had browsed the mate- phone, an MP3 player, a Bluetooth headset, and a cash rials pertaining to their respective treatments. Data prize) was offered. The strategy of rewarding sub- from 12 subjects were dropped because these subjects jects through raffle prizes in exchange for divulging spent fewer than 10 seconds reading the manipulation personal attitudes or behaviors is well applied in materials. Second, experimental manipulations were the survey methodology (e.g., Pavlou et al. 2007, checked using yes/no questions for the existence or Wang and Benbasat 2009). Among the respondents, absence of the privacy assurance approaches in order 54% were males and 46% were females; 57% respon- to confirm their awareness of the assurances. Data dents reported that they had no experience with using from eight subjects were dropped because they failed LBS for the past six months whereas 43% reported to correctly respond to the manipulation check ques- that they has some usage experience. Specific demo- tions. Third, we included the perceptual questions to graphic information is shown in Appendix F. test the effectiveness of the manipulations. Paired- Our sampling approach lacks the report on the sample T -tests show that all treatments were manip- number of individuals who have seen the request ulated effectively. Specifically, participants in present for participation, which is different from the tradi- ISP treatment group believed that they can better tional survey sampling approach where a response control when the service provider can track and com- Downloaded from informs.org by [130.203.152.80] on 19 February 2014, at 06:34 . For personal use only, all rights reserved. rate is calculated and reported to compare the municate with their mobile devices than the partici- demographics of the sample against those of the pants in absent ISP treatment did (t = 90921 p < 00001). population. To address this sampling concern, we Participants in present REG treatment group believed compared the demographic characteristics of our that the service provider was less likely to violate their privacy and could protect their data better

7 We believe that the amount of rafﬂed prizes offered in this study 8 is appropriate. The amount of our highest prize (around US$85) is http://www.singstat.gov.sg/keystats/annual/indicators.html. lower than that (US$100) offered in Pavlou et al. (2007). 9 http://www.ida.gov.sg/Publications/20061205092557.aspx. Xu et al.: Privacy Assurances, Perceived Control, and Privacy Concerns 1354 Information Systems Research 23(4), pp. 1342–1363, © 2012 INFORMS

than the participants in absent REG treatment did of manifest indicators approach (Wetzels et al. 2009) (t = 120651 p < 00001). Participants in present LEG treat- and the latent variable score approach (Chin 1998). ment group believed that relevant legislation could In this research, we adopted the latter approach to better govern the protection of their private informa- measure the second-order construct of CFIP using tion than the participants in absent LEG treatment did summated scales, which were represented by factor (t = 160621 p < 00001). These three-step manipulation scores derived from the confirmatory factor analysis checks resulted in a data set of 178 usable and valid (Agarwal and Karahanna 2000). responses. Discriminant validity is the degree to which mea- In addition, Mann-Whitney tests showed that gen- sures of different constructs are distinct (Campbell der ratio and education level of subjects did not differ and Fiske 1959). To test discriminant validity (Chin significantly across the various treatments. ANOVA 1998): (1) indicators should load more strongly on tests revealed that subjects assigned to the various their corresponding construct than on other constructs treatments did not differ significantly in terms of their in the model, and (2) the square root of the variance age, income, mobile device usage experience, desire shared between a construct and its measures should for information control, trust propensity, and privacy be greater than the correlations between the construct experience. Hence, the random assignment of subjects to the various treatments appeared to be effective. and any other construct in the model. As shown in Appendix G, all factor loadings are higher than cross- 5.2. Measurement Validation loadings. Furthermore, as shown by comparing the A second-generation causal modeling statistical tech- diagonal to the nondiagonal elements in Table 2, all nique—partial least squares (PLS)—was used for constructs share more variance with their indicators data analysis. We evaluated the measurement model than with other constructs. Therefore, all items ful- by examining the convergent validity and discrimi- filled the requirement of discriminant validity. nant validity of the research instrument. Convergent Finally, although common method bias might not validity is the degree to which different attempts be a major concern when measures of independent to measure the same construct agree (Cook and and dependent variables are obtained from different Campbell 1979). In PLS, three tests are used to deter- sources (Podsakoff et al. 2003) in an experimental mine the convergent validity of measured reflective study, we incorporated the considerations of address- constructs in a single instrument: reliability of items, ing this concern in our research. First, in the research composite reliability of constructs, and average vari- and instrument design, to control acquiescence bias, ance extracted by constructs. We assessed item reli- we used bipolar scales and provided verbal labels ability by examining the loading of each item on for the midpoints of scales. Based on the feedback the construct and found that the loadings for all from pilot tests, we provided examples for those the items exceeded 0.65 (see Appendix G), indicating terms or concepts with which subjects may be unfa- adequate reliability (Falk and Miller 1992). Compos- miliar. Second, following Podsakoff et al. (2003), we ite reliabilities of constructs with multiple indicators ran Harman’s single-factor test to test for common exceeded Nunnally’s (1978) criterion of 0.7. The aver- method variance. If common method variance were age variances extracted for the constructs were all above 0.5, and the Cronbach’s alphas were also all a serious problem in the study, we would expect higher than 0.7. As can be seen from the confirmatory a single factor to emerge from a factor analysis or factor analysis (CFA) results in Appendix G10 and the one general factor to account for most of the covari- reliability scores in Table 2, these results support the ance among measures (Podsakoff et al. 2003). We per- convergent validity of the measurement model. formed an exploratory factor analysis by loading all For the construct of CFIP, it is modeled as a items on a single factor. No general factor was appar- second-order variable, reflecting four first-order fac- ent in the unrotated factor structure, with Factor 1 tors, namely collection, unauthorized access, error, and accounting for 22% of the variance, indicating that secondary use. According to Wetzels et al. (2009), there common method variance is unlikely to be a seri- are two approaches to estimate models with second- ous problem in the data. Third, we ran Lindell and

Downloaded from informs.org by [130.203.152.80] on 19 February 2014, at 06:34 . For personal use only, all rights reserved. order factors in PLS path modeling: the repeated use Whitney’s (2001) test that uses a theoretically unre- lated construct (termed a marker variable), which was 10 To perform CFA in PLS, the following procedure was suggested used to adjust the correlations among the principal by Chin (1998) and applied in Agarwal and Karahanna (2000): The constructs (Malhotra et al. 2006, Son and Kim 2008). loadings for the construct’s own indicators were provided by PLS. We assessed correlation between the marker vari- To calculate cross-loadings, a factor score for each construct was able and our research constructs because they were calculated based on the weighted sum of the construct’s indicators. Then these factor scores were correlated with all other indicators assumed to have no relationships. The results indi- to calculate cross-loadings of other indicators on the construct. cated that the average correlation coefﬁcient was close Xu et al.: Privacy Assurances, Perceived Control, and Privacy Concerns Information Systems Research 23(4), pp. 1342–1363, © 2012 INFORMS 1355

Table 2 Construct Correlation Matrix

ISP × ISP × CTL COL AC ER USE DIC EXP TRU AGE SEX ED ISP REG LEG LEG REG

CTL 0089 COL −0041 0088 AC −0056 0076 0093 ER −0038 0057 0070 0094 USE −0059 0069 0088 0063 0096 DIC 0005 0013 0010 0008 0008 0094 EXP −0004 0024 0019 0017 0021 0019 0084 TRU 0012 −0009 −0014 −0012 −0015 0014 0003 0079 AGE −0016 0010 0008 0010 0014 0003 0014 0001 1000 SEX 0017 0003 0007 0009 0011 0004 −0002 0012 −0014 1000 ED −0005 0007 0003 0008 0001 0002 0005 0005 0025 −0020 1000 ISP 0020 −0013 −0008 −0002 −0008 −0001 −0012 0007 −0012 0002 0007 1000 REG 0039 −0015 −0017 −0015 −0019 0011 −0003 0005 −0009 0007 −0008 −0001 1000 LEG 0032 −0001 −0013 −0001 −0020 −0010 0011 0005 −0005 0007 −0003 −0001 −0001 1000 ISP × LEG −0020 0008 0009 0008 0015 −0003 −0011 0004 0004 −0008 0015 0001 −0002 −0001 1000 ISP × REG −0004 0005 0004 0015 0010 −0013 −0015 0002 0006 −0012 −0003 0001 −0001 −0002 −0001 1000

Notes. CTL = perceived control, COL = Collection, AC = Unauthorized Access, ER = Error, USE = Secondary Use, DIC = Desire for Info Control, EXP = Privacy Experience, TRU = Trust propensity, AGE = Age, SEX = Gender, ED = Education level, ISP = Individual Self-protection, REG = Industry Self-regulation, LEG = Government Legislation. Value on the diagonal is the square root of average variance extracted (AVE).

to zero (r = 0002, n.s.).11 Thus, it seems reasonable including the control variables on top of the inde- to argue that this present study is relatively robust pendent variables only explains an additional 5.3% against common method biases. (4007% − 3504%) of the variance, as shown by a comparison of Models 1 and 3. These results suggest that 5.3. Testing the Structural Model our theoretical model is substantive enough to explain After establishing the validity of the measures, a large proportion of the variance in context-specific we conducted the PLS analysis to test the hypotheses. concerns for information privacy. Because PLS does not generate any overall good- ness of fit indices, predictive validity is assessed pri- marily through an examination of the explanatory power and significance of the hypothesized paths. Table 3 Path Coefficients for Structural Model The explanatory power of the structural model is Model 1 Model 2 Model 3 Model 4 assessed based on the amount of variance explained interaction main effects theoretical control in the endogenous construct (i.e., context-specific con- Effect model model constructs constructs cerns for information privacy). Perceived Control (CTL) Table 3 depicts the structural models. We estimated Individual self-protection 0021∗∗ 0022∗∗ 0021∗∗ four models. Model 1 is the full model with interac- (ISP) tion effects, whereas Model 2 is a model with only Industry self-regulation 0039∗∗ 0037∗∗ 0039∗∗ (REG) main effects. Model 3 includes only the theoretical Government legislation 0032∗∗ 0034∗∗ 0032∗∗ variables (excluding control variables) as predictors. (LEG) Model 4 is a controls-only model that provides a ISP × LEG −0019∗ −0019∗ benchmark for assessing the additional impacts of the ISP × REG −0004 −0004 2 theoretical variables. An examination of the results R (%) 3305 2905 3305 for the full model (Model 1) reveals that the path Context-Specific Concerns for Information Privacy coefficient expressing the effect of perceived control (CFIP) on CFIP is −0060 and highly significant (t = 9092). Perceived control −0060∗∗ −0060∗∗ −0060∗∗

Downloaded from informs.org by [130.203.152.80] on 19 February 2014, at 06:34 . For personal use only, all rights reserved. Hypothesis H1 is thus supported: when perceived Age 0001 0001 0009 control over personal information increases, CFIP Gender 0002 0001 0004 decreases. A comparison of Models 1 and 4 shows Education level 0001 0001 0004 Desire for information 0008 0008 0010 that the full model explains a substantive incremen- control tal variance of 30.3% (4007% − 1004%). In contrast, Trust propensity −0004 −0004 −0013 Privacy experience 0016∗ 0015∗ 0021∗ R2 (%) 4007 4000 3504 1004 11 We measured the marker variable of fashion leadership based on those items (see Appendix A) from Goldsmith et al. (1993). ∗p < 0005, ∗∗p < 0001. Xu et al.: Privacy Assurances, Perceived Control, and Privacy Concerns 1356 Information Systems Research 23(4), pp. 1342–1363, © 2012 INFORMS

5.3.1. Interaction Test. We hypothesized the inter- Figure 2(a) PLS Model Without Perceived Control action effects between personal control agency and –0.15* proxy control agency (H2 and H3), which were tested Individual self-protection using PLS (see Model 1 of Table 3). As H3 pre- Context- ** dicted, there was a significant interaction between Industry self-regulation –0.32 specific individual self-protection and government legislation privacy (b = −00191 p < 00051 ãR2 = 4%). But the interaction concerns Government legislation ** between individual self-protection and industry self- –0.18 R 2 = 18.6% regulation (H2) was not significant (see Model 1 of Table 2). The test for the significant interaction effect was conducted by following Carte and Russell (2003), Figure 2(b) PLS Model with Perceived Control to examine whether the variance explained because Individual self-protection –0.07 of the interaction effect is significant beyond the main 2 effects, using the F -statistic 8 = 6ãR /4dfinteraction − –0.19** 2 Industry self-regulation Context- dfmain57/641 − Rinteraction5/4N − dfinteraction − 1579. The specific F -statistic was F 4211725 = 5017 4p < 00015, thereby –0.09 privacy supporting the significant interaction effect between Government legislation concerns

individual self-protection and government legislation. 2 –0.55** R = 37.9% To further validate the interaction effect between Perceived control individual self-protection and government legislation, we ∗ ∗∗ followed the Chin et al. approach (2003) that was Note. p < 0005, p < 0001. adopted in Im and Rai (2008) to perform the test comparing the R2 values between the main and interac- mediator. As the Table 3 shows, the relationships 2 2 2 between the proposed mediator (perceived control) and tion effects by using Cohen’s f 6= 4Rinteraction −Rmain5/ 2 the three independent variables (ISP, REG, and LEG) 41 − Rmain57. Controlling for the study’s control variables, the variance explained on perceived control was were significant. The second condition requires the 33.5% when accounting for the interaction effect, independent variable must significantly affect the whereas only 29.5% was explained with only the main dependent variable. The PLS results (see Figure 2(a)) effects. The interaction constructs have the effect size demonstrated that the three independent variables f 2 of 0.06, which is between a small and medium (ISP, REG, and LEG) were significantly related to effect (Chin et al. 2003), thus confirming H3. the dependent variable (CFIP). The last condition 5.3.2. Mediation Test. In our theoretical model, stipulates that the relationship between the indepen- we posited that perceived control would mediate the dent variable and the dependent variable should be relationship between privacy assurance approaches weaker or insignificant when the proposed media- and CFIP. To test for this mediation, we followed tor is included than when the proposed mediator is Nicolaou and McKnight’s approach (2006) to conduct not included. The results (see Figure 2(b)) indicated two related techniques. First, power analysis may pro- that the path coefficient for individual self-protection vide information about the significance of omitted (b = −0007) and the path coefficient for government leg- paths in a reduced model (Cohen 1988). We restricted islation (b = −0009) were not significant when perceived the research model to include only the paths from control was included in the model; the path coeffi- privacy assurance approaches (ISP, REG, and LEG) to cient for industry self-regulation (b = −0032 compared context-specific privacy concerns. We found all three pri- with b = −0019) was lower when perceived control was vacy assurance approaches have direct positive effects included in the model. Figures 2(a) and 2(b) summa- on CFIP (see Figure 2(a)). However, the percentage rize the results for testing the mediating effect of per- of variance explained for context-specific privacy conceived control, which satisfied the conditions needed to cerns decreased from 35.4% (see Model 3 of Table 2) to establish mediation by Baron and Kenny (1986). 18.6% (see Figure 2(a)). Chin (1998) recommends the Sobel (1982) tests were also conducted as a means calculation of an effect size because of the omission of of further examining evidence for mediation above paths from the model: The effect size when the per- and beyond procedures recommended by Baron and Downloaded from informs.org by [130.203.152.80] on 19 February 2014, at 06:34 . For personal use only, all rights reserved. ceived control path is omitted equals 0.26, which is Kenny (1986). This test is designed to assess whether between a medium and large effect. This shows that a mediating variable significantly carries the influence perceived control has an important effect on CFIP and of an independent variable to a dependent vari- that researchers should not exclude it from the model. able, i.e., whether the indirect effect of the indepen- Second, Baron and Kenny (1986) suggested that dent variable on the dependent variable through the mediation is demonstrated if three conditions are ful- mediator variable is significant. Results of Sobel tests filled: the first condition stipulates that the indepen- supported the mediating effects of perceived con- dent variable must significantly affect the proposed trol for (i) the relationship between ISP and CFIP Xu et al.: Privacy Assurances, Perceived Control, and Privacy Concerns Information Systems Research 23(4), pp. 1342–1363, © 2012 INFORMS 1357

(z = 20961 p < 0001), (ii) the relationship between REG studies have demonstrated weak effects of industry and CFIP (z = 40341 p < 0001), and (iii) the relation- self-regulations on addressing consumer privacy con- ship between LEG and CFIP (z = 30331 p < 0001). Thus, cerns (Hui et al. 2007, Moores 2005, Moores and all of the statistical tests supported perceived control Dhillon 2003). In fact, Edelman (2011) recently pointed as mediating the relationships between privacy assur- out that some industry self-regulators such as pri- ance approaches (ISP, REG, and LEG) and CFIP. vacy certification authorities have failed to pursue complaints against major companies whose privacy breaches were found to be “inadvertent.” Therefore, 6. Discussions and Implications in the event that individuals’ personal information 6.1. Discussions of Findings has been misused, they may not have an effective This study seeks to clarify the nature of control means to seek redress because there is reasonable in the context of information privacy to generate basis to question the enforcement power of industry insights into the effects of different privacy assur- self-regulators to ensure merchants act according to ance approaches on context-specific concerns for their privacy policies. information privacy. We theorized that such effects To obtain further insight into the interaction that are exhibited through mediation by perceived control is contrary to the prediction, we conducted a post over personal information and developed arguments hoc analysis using ANOVA. The ANOVA results in support of the interactive effects involving different (see Appendix H) confirmed the interaction pat- privacy assurance approaches. In general, the results tern demonstrated in PLS: there was a significant support our core assertion that perceived control over interaction between individual self-protection and gov- = personal information is a key factor affecting context- ernment legislation (F 40341 p < 0005), but the interac- specific concerns for information privacy. We extend tion between individual self-protection and industry = = the literature by investigating the interaction among self-regulation was not significant (F 00601 p 0044). privacy assurance approaches that provide individu- However, the ANOVA results also revealed an unex- pected significant interaction between industry self- als with personal control or proxy control. regulation and government legislation (F = 40731 p < By exploring the interaction effects of three pri- 0005). After plotting the significant interaction effects vacy assurance approaches, this study takes the with t-tests, we found substitution effects from these privacy discourse beyond a general discussion of pri- two significant interaction effects: one between indi- vacy concerns. It generates insights into how the vidual self-protection and government legislation (ISP × context-specific privacy concerns of individuals can LEG) and the other between industry self-regulation be alleviated by raising their perceived control over and government legislation (REG×LEG). As shown in the collection and use of their personal information Appendix H, the first interaction effect shows that the in a specific context. Given the debate among schol- difference between the two ISP conditions in the no ars and practitioners on the relative effectiveness of LEG condition is significant, whereas this difference is these three (and other) approaches for reducing pri- not significant in the LEG condition. Similarly, the dif- vacy concerns (Culnan and Bies 2003), these insights ference between the two LEG conditions is significant can serve as a theoretical basis for further efforts in the no ISP condition, whereas this difference is not to generate insights on this topic. Beyond confirm- significant in the ISP condition. These results suggest ing prior findings that these three privacy assurance that for the two types of control assurance, i.e., per- approaches have a direct effect on enhancing control sonal control via ISP and proxy control via LEG, one perceptions (thereby alleviating privacy concerns) in a could substitute for the other to some extent. specific context, this study focuses on the interactions Along with the aforementioned interaction effect among these approaches. Specifically, two interactions between individual self-protection and government leg- are proposed and one is supported (involving indi- islation (ISP × LEG), the relationship between indus- vidual self-protection and government legislation). try self-regulation and government legislation (REG× Results show that the presence of individual self- LEG) shares a similar interaction pattern. The results protection offering personal control diminishes the show that the difference between the two REG condi- impact of government legislation offering proxy con- tions in the no LEG condition is significant, whereas Downloaded from informs.org by [130.203.152.80] on 19 February 2014, at 06:34 . For personal use only, all rights reserved. trol, but it does not diminish the impact of proxy con- this difference is not significant in the LEG condition. trol via industry self-regulation (as hypothesized). Similarly, the difference between the two LEG condi- One plausible explanation for this insignificant tions is significant in the no REG condition, whereas interaction is that individuals may perceive that the this difference is not significant in the REG condi- industry self-regulators are generally lacking enforce- tion. These results suggest that for the two regulatory ment authority. Hence individuals may not regard approaches (i.e., industry self-regulation and govern- industry self-regulators (such as TRUSTe) as powerful ment legislation), one could substitute for the other to others that can exercise proxy control for them. Prior some extent. Xu et al.: Privacy Assurances, Perceived Control, and Privacy Concerns 1358 Information Systems Research 23(4), pp. 1342–1363, © 2012 INFORMS

Looking at the entire set of significant interac- items in our list of personal characteristics (demo- tions, it seems that individuals understand individ- graphic differences and personality traits such as ual self-protection and industry self-regulation in a desire for information control and trust propensity) similar fashion (even though the intent of this pri- were shown to have insignificant influences on privacy assurance mechanism may have been to offer vacy concerns in the specific context of LBS. Although proxy control). If this is the case, it would explain these variables were found to be significant when the results showing that industry self-regulation inter- included as the predictors of general privacy con- acts with government legislation but not with individ- cerns in prior research, their effects were shown to ual self-protection. One possible explanation for this be overridden by context-specific factors that tie the result could be because of the weak enforcement assessment of privacy concerns to specific services power of industry self-regulators. Individuals may in this research. This is consistent with the proposi- perceive that they do not have an effective means to tion of privacy paradox (Acquisti and Grossklags 2005) seek redress from the industry self-regulators when that individuals’ stated levels of general privacy con- their personal information has been misused. Thus, as cerns often deviate from or are even contradictory in the case of individual self-protection, individuals to their actual privacy assessment in a specific con- have to exercise careful discretion on what personal text. As Berendt et al. (2005) demonstrated through information to provide when industry self-regulation an experimental study, individuals could easily for- is present. It seems that the use of individual self- get their stated general privacy concerns and dis- protection or industry self-regulation shifts much of close very personal details when interacting with an the onus of protecting personal information to indi- entertaining website. Accordingly, we suggest that viduals themselves. This may explain why individu- future privacy research should not only examine pri- als did not regard industry self-regulators as powerful vacy concerns at a general level but also consider others that can exercise proxy control for them. situational elements and contextual differences at a Because the correlation matrix (in Table 2) showed specific level. substantially different correlation values between perceived control and the first-order factors of CFIP (col- 6.2. Limitations and Future Research lection, unauthorized access, error, and secondary use), There are several limitations in this study that we conducted a post hoc analysis to see how per- present useful opportunities for further research. ceived control impacts each first-order factor of CFIP First, we conducted the study in Singapore, which (see Appendix I). Results showed that perceived control has a strong reputation for enforcing government played a significant role in alleviating privacy con- legislation (Harding 2001). Thus, the subjects may cerns related to all four aspects. Among the relation- have well-formed and powerful beliefs about proxy ships between perceived control and the four first-order control through government legislation. In countries factors of CFIP, perceived control was more influential where such government legislation is generally lack- in addressing concerns for secondary use (b = −0061) ing or where enforcement of government legislation and unauthorized access (b = −0057) than it was for is limited, individuals may have a weaker preference collection (b = −0041) and error (b = −0039). These for proxy control through government legislation. As observations made about the variations across the Smith (2004) pointed out, different countries have four first-order factors suggest that there is value in approached privacy issues differently in various reg- investigating these four first-order factors of CFIP in ulatory structures (with “omnibus” privacy bills or a future research at a more fine-grained level. From “patchwork” of sector-specific laws). Therefore, future the practical perspective, LBS practitioners should research should be conducted in other countries to pay more attention to develop and deploy privacy provide further insights into the effects of privacy control mechanisms that can limit secondary use assurance approaches. of personal information and unauthorized access to Second, we have employed a manipulation of personal information. privacy-enhancing technology as one type of individ- Examining control variables in the structural mod- ual self-protection approaches, which is commonly els also offers some insights. Among three types of used in the practice of LBS. Future research can Downloaded from informs.org by [130.203.152.80] on 19 February 2014, at 06:34 . For personal use only, all rights reserved. personal characteristics (demographic differences, person- investigate whether nontechnological self-protection ality traits, and previous privacy experience), only previ- approaches (e.g., reading privacy policy, refusal, ous privacy experience was found to have a significant misrepresentation, removal, negative word-of-mouth, effect on privacy concerns. This implies that those complaining directly to online companies, and com- who have encountered negative privacy experiences plaining indirectly to third-party organizations; Son are more aware of undesirable consequences of dis- and Kim 2008) would yield the same impact as the closing personal information in the LBS context based privacy-enhancing technology in terms of raising per- on previous experience. Interestingly, most of the ceived control over personal information. Xu et al.: Privacy Assurances, Perceived Control, and Privacy Concerns Information Systems Research 23(4), pp. 1342–1363, © 2012 INFORMS 1359

Third, we have included a number of individ- mitigating privacy concerns in the context of LBS. ual differences as control variables in this study. Such separation of control from privacy concerns is Future research can examine whether such differ- important because it enables us to avoid conflating ences moderate the relationship between the three the concept of privacy with the concept of control. privacy assurance approaches and perceived control Second, our proposed model has established over personal information. In addition, the role of the importance of a psychological perspective of personal disposition has been an important factor in control in alleviating privacy concerns. Specifi- behavioral models, such as those related to trust and cally, we integrated the control agency theory into the effect of personal disposition to trust on trusting the research model and examined the efficacy of behavior (e.g., McKnight et al. 2002). In light of posi- three privacy assurance approaches (individual self- tioning privacy concerns as context specific beliefs, protection, industry self-regulation, and government it might be worthwhile to examine how disposition to regulation) in influencing privacy concerns through value privacy (Xu et al. 2008) would impact context- the mediating effect of perceived control in the con- specific privacy concerns. Fourth, and by design, text of LBS. This represents one of the few studies this research is limited to the examination of the that theoretically differentiate three privacy assur- mediation role of perceived control between privacy ance approaches by linking them with different assurance approaches and context-specific privacy types of control agencies. Most importantly, although concerns as well as the interaction effects involv- the privacy literature has exclusively examined the ing different privacy assurance approaches. There- individual effect of privacy assurance approaches fore, we have not extended the nomological network (e.g., Metzger 2006), this study extends the literature to consider how those context-specific privacy con- by proposing interaction effects of these mechanisms cerns are translated into privacy-related intentions on alleviating privacy concerns, based on the type and behaviors. An extension of this study can view of control agencies they can provide. This extension context-specific privacy concerns as a mediating vari- is particularly relevant in today’s world, which has able in a larger nomological network, with it leading a diversity of privacy assurance approaches. Particu- to privacy-related behaviors. larly, this study derives theory-driven privacy inter- In addition, the respondents for this study were ventions as well as provides early empirical evidence recruited from major Web portals in Singapore. Such showing that implementing more privacy assurance a sampling approach lacks the report on the num- approaches does not necessarily lead to higher control ber of individuals who have seen the request for perceptions. participation, which is different from the traditional Third, to respond to the compelling call for research survey sampling approach where a response rate is investigating the role of technologies in influencing calculated and reported to compare the demograph- the privacy theoretical development (Waldo et al. ics of the sample against those of the population. 2007), we viewed the technological advancement as a Care must be taken in any effort to generalize our double-edged sword in this research: on the one hand, findings beyond the boundary of our sample. Lastly, location-based technologies make the privacy chal- the research model has been developed and tested lenge particularly vexing; on the other hand, privacy in a specific context of LBS. An implication for protections could be implemented through privacy- future research is to extend the theoretical framework enhancing technologies (PETs). Although the nega- described in this research to other contexts that may tive side of technological advancement has long been raise similar or extended privacy issues. For example, highlighted as the main driver of privacy concerns there has been much discussed in the public media in various contexts (e.g., Internet, data mining, and about privacy-related backlashes among social net- profiling), the positive side regarding the role of PETs working sites (e.g., Brandimarte et al. 2010, Wang has not been fully addressed in the IS field. With et al. 2011). It would be interesting to test the theoreti- the active rolling out of PETs by the technologists cal framework developed here in the context of online (e.g., Squicciarini et al. 2011), it would be important social interactions to assess its applicability. for IS researchers to include the PETs in the examination of individual self-protection approaches in the 6.3. Theoretical Contributions privacy research. Downloaded from informs.org by [130.203.152.80] on 19 February 2014, at 06:34 . For personal use only, all rights reserved. This study aims to contribute to existing privacy research in several ways. First, our primary contribu- 6.4. Practical Implications tion is to clarify the link between control and privacy The findings of this study have useful implications for in the context of LBS. Although the notion of con- LBS providers and individuals as well as regulatory trol is embedded in many privacy definitions and has bodies and LBS technology developers. To the extent been used to operationalize privacy in instruments, that perceived control is a key factor influencing pri- its meaning has been ambiguous. In this research, we vacy concerns pertaining to LBS, measures that can establish the mediating role of perceived control in increase users’ perceived control over the collection Xu et al.: Privacy Assurances, Perceived Control, and Privacy Concerns 1360 Information Systems Research 23(4), pp. 1342–1363, © 2012 INFORMS

and use of their personal information should help by emphasizing its privacy-enhancing features, its individuals’ privacy concerns pertaining to LBS. TRUSTe membership, and its relationship with indus- Although the presence of three privacy assurance try regulators to establish accepted standards of pri- approaches has an overall effect, this study suggests vacy protection (e.g., Center for Democracy and Tech- that, for the two regulatory approaches of privacy nology and the Ponemon Institute). Considering that assurance (i.e., industry self-regulation and govern- there has yet to be any international consensus on ment legislation), implementing one of them seems suitable legal frameworks for privacy practices, it is adequate to install consumers’ confidence in control- unrealistic to expect the privacy laws to be carried out ling their personal information in LBS. This finding globally. Therefore, a hybrid mechanism combining sheds some light on the conflicts between the different individual self-protection and industry self-regulation approaches of the United States and European Union can effectively provide individuals with control over to regulating privacy—the self-regulatory approach the collection and use of their personal information. versus the comprehensive legislative approach. In the Such a hybrid mechanism may become increasingly United States, self-regulation, particularly in the con- prevalent globally. text of e-commerce and online social networks, is used as a means to preempt the need for legislation, which can be more constraining to industry participants. On 7. Conclusion the opposite side of the spectrum, the European Union In the years ahead, the ubiquitous computing may takes a stronger approach that relies on government be reinforced by rapid advances in location-based enforcement of mandatory legal rules to ensure ade- technology that will continue to produce new mobile quate privacy protection of personal information. Our services for individuals. This study is one of the first finding adds to the self-regulation versus legislation attempt to develop a theory on privacy by adopting debate by suggesting that having a high degree of self- a psychological control perspective in a specific con- regulation nullifies the need for legislation, whereas text of LBS. Our results reveal that individual self- having a high degree of legislation nullifies the need protection, industry self-regulation, and government for self-regulation. In addition, this study suggests legislation interact to affect perceived control, which that for the legislative approach of privacy assur- in turn influences the context-specific privacy con- ance and the individual self-protection approach, one cerns of individuals. With an understanding of the could substitute for the other to some extent. Because government legislation is usually more expensive to rationale for the interactions among the three pri- institute and only exists within a legal jurisdiction vacy assurance approaches, these results serve as a (Pavlou and Gefen 2004), promoting the individual basis for future theoretical development in the area of self-protection approach should be increasingly per- information privacy. Theoretical developments in this ceived as a viable substitute for government legisla- direction should also yield valuable insights that can tion approach because of its ability to cross interna- guide practice. tional, regulatory, and business boundaries. Results of this study lead to the recommendation Electronic Companion that for situations where regulatory bodies are not An electronic companion to this paper is available as willing to enact legislation to protect the privacy of part of the online version at http://dx.doi.org/10.1287/ personal information or cannot enforce the legisla- isre.1120.0416. tion when violations occur, the effects of individual self-protection and industry self-regulation are Acknowledgments likely to be pronounced. Therefore, LBS technol- The authors are very grateful to the senior editor, Elena ogy developers can benefit from the promotion of Karahanna, for her encouragement and direction in helping the individual self-protection approaches (especially them develop this manuscript. They are also grateful to the through PETs) and LBS providers can increase their associate editor, Mariam Zahedi, for her very helpful guid- business by promoting industry self-regulation with ance and to the three anonymous reviewers for their con- a trusted third party. Without government legisla- structive advice and helpful comments on earlier versions of this manuscript. Heng Xu gratefully acknowledges the

Downloaded from informs.org by [130.203.152.80] on 19 February 2014, at 06:34 . For personal use only, all rights reserved. tion in place, it is valuable to provide individuals with individual self-protection and industry self- ﬁnancial support of the National Science Foundation under regulation. For example, as a startup company in the Grant CNS-0953749. LBS industry, Loopt.com12 has promoted its services

12 Altman, S. “Best Practices for Location-based Services: Privacy, References User Control, Carrier Relations, Advertising, and More,” Where ABI (2011) Location analytics and privacy: The impact of privacy on 2.0 Conference, Burlingame, CA, May 12–14, 2008. Available at LBS, location analytics, and advertising. Allied Business Intel- http://en.oreilly.com/where2008/public/schedule/detail/1700. ligence Inc. http://www.abiresearch.com/research/1007751. Xu et al.: Privacy Assurances, Perceived Control, and Privacy Concerns Information Systems Research 23(4), pp. 1342–1363, © 2012 INFORMS 1361

Ackerman MS, Mainwaring SD (2005) Privacy issues and human- Caudill EM, Murphy PE (2000) Consumer online privacy: Legal computer interaction. Garfinkel S, Cranor L, eds. Security and and ethical issues. J. Public Policy and Marketing 19(1):7–19. Usability: Designing Secure Systems That People Can Use (O’Reilly, Chin WW (1998) The partial least squares approach to structural Sebastopol, CA), 381–400. equation modeling. Marcoulides GA, ed. Modern Methods for Acquisti A, Grossklags J (2005) Privacy and rationality in individual Business Research (Lawrence Erlbaum Associates, Mahwah, NJ), decision making. IEEE Security Privacy 3(1):26–33. 295–336. Agarwal R, Karahanna E (2000) Time flies when you’re having fun: Chin WW, Marcolin BL, Newsted PR (2003) A partial least squares Cognitive absorption and beliefs about information technology latent variable modeling approach for measuring interaction usage. MIS Quart. 24(4):665–692. effects: Results from a Monte Carlo simulation study and an Ajzen I (2001) Nature and operation of attitudes. Annual Rev. Psych. electronic-mail emotion/adoption study. Inform. Systems Res. 52(February):27–58. 14(2):189–217. Altman I (1976) Privacy: A conceptual analysis. Environment Behav. 8(1):7–29. Cohen J (1988) Statistical Power Analysis for the Behavioral Sciences, 2nd ed. (L. Erlbaum Associates, Hillsdale, NJ). Angst CM, Agarwal R (2009) Adoption of electronic health records in the presence of privacy concerns: The elaboration likelihood Cook M, Campbell DT (1979) Quasi-Experimentation: Design and model and individual persuasion. MIS Quart. 33(2):339–370. Analysis Issues for Field Settings (Houghton Mifflin, Boston). Armstrong JS, Overton TS (1977) Estimating nonresponse bias in Cranor LF (2002) Web Privacy with P3P (O’Reilly & Associates, mail surveys. J. Marketing Res. 14(3):396–402. Sebastopol, CA). Awad NF, Krishnan MS (2006) The personalization privacy para- CTIA (2008) Best practices and guidelines for location based dox: An empirical evaluation of information transparency and services. The Cellular Telecommunications and Internet the willingness to be profiled online for personalization. MIS Association (CTIA). http://www.ctia.org/content/index.cfm/ Quart. 30(1):13–28. AID/11300. Bandura A (2001) Social cognitive theory: An agentic perspective. Culnan MJ (1993) “How did they get my name”? An exploratory Annual Rev. Psych. 52(1):1–26. investigation of consumer attitudes toward secondary informa- Bansal G, Zahedi F, Gefen D (2008) The moderating influence of pri- tion use. MIS Quart. 17(3):341–364. vacy concern on the efficacy of privacy assurance mechanisms for building trust: A multiple-context investigation. Proc. 29th Culnan MJ (1995) Consumer awareness of name removal proce- Annual Internat. Conf. Inform. Systems (ICIS 2008), Paris, France dures: Implication for direct marketing. J. Interactive Marketing (AIS, Atlanta). 9(2):10–19. Bansal G, Zahedi FM, Gefen D (2010) The impact of personal dispo- Culnan MJ (2000) Protecting privacy online: Is self-regulation sitions on information sensitivity, privacy concern and trust in working? J. Public Policy and Marketing 19(1):20–26. disclosing health information online. Decision Support Systems Culnan MJ, Armstrong PK (1999) Information privacy concerns, 49(2):138–150. procedural fairness and impersonal trust: An empirical inves- Barkhuus L, Dey A (2003) Location-based services for mobile tele- tigation. Organ. Sci. 10(1):104–115. phony: A study of user’s privacy concerns. Proc. INTERACT, Culnan MJ, Bies JR (2003) Consumer privacy: Balancing economic 9th IFIP TC13 Internat. Conf. Human-Comput. Interaction, Zurich, and justice considerations. J. Soc. Issues 59(2):323–342. Switzerland (IOS Press, Amsterdam), 709–712. Barkhuus L, Brown B, Bell M, Sherwood S, Hall M, Chalmers M Culnan MJ, Williams CC (2009) How ethics can enhance organi- (2008) From awareness to repartee: Sharing location within zational privacy: Lessons from the Choicepoint and TJX data social groups. Proc. Twenty-Sixth Annual SIGCHI Conf. Human breaches. MIS Quart. 33(4):673–687. Factors Comput. Systems (ACM, Florence, Italy), 497–506. DeCew JW (1997) In Pursuit of Privacy: Law, Ethics, and the Rise of Baron RM, Kenny DA (1986) The moderator-mediator variable dis- Technology (Cornell University Press, Ithaca, NY). tinction in social psychological research: Conceptual, strate- Dhillon GS, Moores T (2001) Internet privacy: Interpreting key gic, and statistical considerations. J. Personality Soc. Psych. issues. Inform. Resources Management J. 14(4):33–37. 51(6):1173–1182. Dinev T, Hart P (2004) Internet privacy concerns and their Bellman S, Johnson EJ, Kobrin SJ, Lohse GL (2004) International antecedents—measurement validity and a regression model. differences in information privacy concerns: A global survey Behav. Inform. Tech. 23(6):413–423. of consumers. Inform. Soc. 20(5, Nov–Dec):313–324. Berendt B, Gunther O, Spiekermann S (2005) Privacy in e-com- Dinev T, Hart P (2006) An extended privacy calculus model for merce: Stated preferences vs. actual behavior. Comm. ACM e-commerce transactions. Inform. Systems Res. 17(1):61–80. 48(4):101–106. Edelman B (2011) Adverse selection in online “trust” certifications Berghel H (1997) Cyberspace 2000: Dealing with information over- and search results. Electronic Commerce Res. Appl. 10(1):17–25. load. Comm. ACM 40(2):19–24. Eppler MJ, Mengis J (2004) The concept of information over- Brandimarte L, Acquisti A, Loewenstein G (2010) Misplaced load: A review of literature from organization science, mar- confidences: Privacy and the control paradox. Proc. Workshop keting, accounting, MIS, and related disciplines. Inform. Soc. Econom. Inform. Security (WEIS), Boston, June 2010, http:// 20(5):325–344. weis2010.econinfosec.org/papers/session2/weis2010_brandimarte Falk RF, Miller NB (1992) A Primer for Soft Modeling (The University .pdf. of Akron Press, Akron, OH). Buchanan T, Paine C, Joinson AN, Reips U (2007) Development of FTC (2000) Privacy online: Fair information practices in the elec- Downloaded from informs.org by [130.203.152.80] on 19 February 2014, at 06:34 . For personal use only, all rights reserved. measures of online privacy concern and protection for use on the internet. J. Amer. Soc. Inform. Sci. Tech. 58(2):157–165. tronic marketplace. Federal Trade Commission. http://www .ftc.gov/reports/privacy2000/privacy2000.pdf. Burkert H (1997) Privacy-enhancing technologies: Typology, cri- tique, vision. Agre P, Rotenberg M, eds. Technology and Privacy: FTC (2009) Beyond voice: Mapping the mobile marketplace. Fed- The New Landscape (MIT Press, Cambridge, MA), 126–143. eral Trade Commission. www.ftc.gov/opa/2009/04/mobilerpt Campbell DT, Fiske DW (1959) Convergent and discriminant val- .shtm. idation by the multitrait-multimethod matrix. Psych. Bulletin FTC (2010) A preliminary FTC staff report on protecting consumer 56(1):81–105. privacy in an era of rapid change: A proposed framework Carte AT, Russell JC (2003) In pursuit of moderation: Nine common for businesses and policymakers. Federal Trade Commission. errors and their solutions. MIS Quart. 27(3):479–501. http://www.ftc.gov/opa/2010/12/privacyreport.shtm. Xu et al.: Privacy Assurances, Perceived Control, and Privacy Concerns 1362 Information Systems Research 23(4), pp. 1342–1363, © 2012 INFORMS

Goldsmith RE, Freiden JB, Kilsheimer JC (1993) Social values Mowday RT, Sutton RI (1993) Organizational behavior: Linking and female fashion leadership: A cross-cultural study. Psych. individuals and groups to organizational contexts. Annual Rev. Marketing 10(5):399–412. Psych. 44(1):195–229. Goodwin C (1991) Privacy: Recognition of a consumer right. J. Pub- Moores T (2005) Do consumers understand the role of privacy seals lic Policy and Marketing 10(1):149–166. in e-commerce? Comm. ACM 48(3):86–91. Harding A (2001) Comparative law and legal transplantation in Moores T, Dhillon G (2003) Do privacy seals in e-commerce really South East Asia. Nelken D, Feest J, eds. Adapting Legal Cultures work? Comm. ACM 46(12):265–271. (Hart Publishing, Oxford, Portland, OR), 199–222. Nicolaou AI, McKnight DH (2006) Perceived information quality in data exchanges: Effects on risk, trust, and intention to use. Hoadley MC, Xu H, Lee J, Rosson MB (2010) Privacy as information Inform. Systems Res. 17(4):332–351. access and illusory control: The case of the Facebook news feed privacy outcry. Electronic Commerce Res. Appl. 9(1):50–60. Nunnally JC (1978) Psychometric Theory, 2nd ed. (McGraw-Hill, New York). Hoffman DL, Novak TP, Peralta MA (1999) Information privacy Oded N, Sunil W (2009) Social computing privacy concerns: in the marketspace: Implications for the commercial uses of Antecedents and effects. Proc. 27th Internat. Conf. Human Fac- anonymity on the web. Inform. Soc. 15(2):129–139. tors Comput. Systems (CHI) (ACM, Boston), 333–336. Hui KL, Teo HH, Lee SYT (2007) The value of privacy assurance: Pavlou PA, Gefen D (2004) Building effective online marketplaces An exploratory ﬁeld experiment. MIS Quart. 31(1):19–33. with institution-based trust. Inform. Systems Res. 15(1):37–59. Im G, Rai A (2008) Knowledge sharing ambidexterity in Pavlou PA, Liang H, Xue Y (2007) Understanding and mitigating long-term interorganizational relationships. Management Sci. uncertainty in online exchange relationships: A principal-agent 54(7):1281–1296. perspective. MIS Quart. 31(1):105–136. Johnson CA (1974) Privacy as personal control. Carson DH, Phelps J, Nowak G, Ferrell E (2000) Privacy concerns and consumer ed. Man-Environment Interactions: Evaluations and Applica- willingness to provide personal information. J. Public Policy and tions: Part 2 (Environmental Design Research Association, Marketing 19(1):27–41. Washington, DC), 83–100. Podsakoff MP, MacKenzie BS, Lee JY, Podsakoff NP (2003) Com- Junglas IA, Watson RT (2006) The U-constructs: Four information mon method biases in behavioral research: A critical review drives. Comm. AIS 17(1):569–592. of the literature and recommended remedies. J. Appl. Psych. 88(5):879–890. Junglas IA, Johnson NA, Spitzmüller C (2008) Personality traits and concern for privacy: An empirical study in the context of Reed GM, Taylor SE, Kemeny ME (1993) Perceived control and location-based services. Eur. J. Inform. Systems 17(4):387–402. psychological adjustment in gay men with AIDS. J. Appl. Soc. Psych. 23(10):791–824. Langer EJ (1975) The illusion of control. J. Personality Soc. Psych. Schoeman FD (1984) Philosophical Dimensions of Privacy: An 32(2):311–328. Anthology (Cambridge University Press, Cambridge, UK). Laufer RS, Wolfe M (1977) Privacy as a concept and a social Schwartz MP (1999) Privacy and democracy in cyberspace. Vander- issue—multidimensional developmental theory. J. Soc. Issues bilt Law Rev. 52(6):1610–1701. 33(3):22–42. Sheehan KB (1999) An investigation of gender differences in on- Li H, Sarathy R, Xu H. (2011) The role of affect and cognition on line privacy concerns and resultant behaviors. J. Interactive online consumers’ willingness to disclose personal informa- Marketing 13(4):24–38. tion. Decision Support Systems 51(3):434–445. Sheehan KB (2002) Toward a typology of Internet users and online Lindell MK, Whitney DJ (2001) Accounting for common method privacy concerns. Inform. Soc. 18(1):21–32. variance in cross-sectional research designs. J. Appl. Psych. Skinner EA (1996) A guide to constructs of control. J. Personality 86(1):114–121. Soc. Psych. 71(3):549–570. Malhotra KN, Kim SS, Agarwal J (2004) Internet users’ information Slyke CV, Shim JT, Johnson R, Jiang JJ (2006) Concern for informa- privacy concerns (IUIPC): The construct, the scale, and a causal tion privacy and online consumer purchasing. J. Assoc. Inform. model. Inform. Systems Res. 15(4):336–355. Systems 7(6):415–444. Malhotra KN, Kim SS, Patil A (2006) Common method variance Smith HJ (2004) Information privacy and its management. MIS in IS research: A comparison of alternative approaches and a Quart. Executive 3(4):201–213. reanalysis of past research. Management Sci. 52(12):1865–1883. Smith HJ, Dinev T, Xu H (2011) Information privacy research: An Margulis TS (2003a) Privacy as a social issue and behavioral con- interdisciplinary review. MIS Quart. 35(4):989–1015. cept. J. Soc. Issues 59(2):243–261. Smith HJ, Milberg JS, Burke JS (1996) Information privacy: Measur- ing individuals’ concerns about organizational practices. MIS Margulis TS (2003b) On the status and contribution of Westin’s and Quart. 20(2, June):167–196. Altman’s theories of privacy. J. Soc. Issues 59(2):411–429. Sobel ME (1982) Asymptotic intervals for indirect effects in struc- McKnight DH, Choudhury V, Kacmar C (2002) Developing and val- tural equations models. Leinhart S, ed. Sociological Methodology idating trust measures for e-commerce: An integrative typol- (Jossey-Bass, San Francisco), 290–312. ogy. Inform. Systems Res. 13(3):334–359. Solove DJ (2002) Conceptualizing privacy. California Law Rev. Metzger MJ (2006) Effects of site, vendor, and consumer characteris- 90(4):1087–1155. tics on web site trust and disclosure. Comm. Res. 33(3):155–179. Solove DJ (2006) A taxonomy of privacy. Univ. Pennsylvania Law Miller SM (1980) Why having control reduces stress: If I can stop Rev. 154(3):477–560. Downloaded from informs.org by [130.203.152.80] on 19 February 2014, at 06:34 . For personal use only, all rights reserved. the roller coaster I don’t want to get off. Garder J, Seligman Solove DJ (2007) “I’ve got nothing to hide” and other misunder- MEP, eds. Human Helplessness: Theory and Applications (Aca- standings of privacy. San Diego Law Rev. 44(4):745–772. demic Press, New York), 71–95. Son JY, Kim SS (2008) Internet users’ information privacy-protective Milne GR, Culnan MJ (2004) Strategies for reducing online pri- responses: A taxonomy and a nomological model. MIS Quart. vacy risks: Why consumers read (or don’t read) online privacy 32(3):503–529. notices. J. Interactive Marketing 18(3):15–29. Spiekermann S, Cranor LF (2009) Engineering privacy. IEEE Trans. Milne GR, Rohm A (2000) Consumer privacy and name removal Software Engrg. 35(1):67–82. across direct marketing channels: Exploring opt-in and opt-out Spiro WG, Houghteling LJ (1981) The Dynamics of Law, 2nd ed. alternatives. J. Public Policy and Marketing 19(2):238–249. (Harcourt Brace Jovanovich, New York). Xu et al.: Privacy Assurances, Perceived Control, and Privacy Concerns Information Systems Research 23(4), pp. 1342–1363, © 2012 INFORMS 1363

Squicciarini CA, Xu H, Zhang X (2011) CoPE: Enabling collabora- Wang W, Benbasat I (2009) Interactive decision aids for consumer tive privacy management in online social networks. J. Amer. decision making in e-commerce: The inﬂuence of perceived Soc. Inform. Sci. Tech. 62(3):521–534. strategy restrictiveness. MIS Quart. 33(2):293–320. Stewart KA, Segars AH (2002) An empirical examination of the con- Wang N, Xu H, Grossklags J (2011) Third-party apps on Face- cern for information privacy instrument. Inform. Systems Res. book: Privacy and the illusion of control. Proc. ACM Sym- 13(1):36–49. pos. Comput.-Human Interaction for Management Inform. Tech. Sundar SS, Marathe SS (2010) Personalization vs. customization: (CHIMIT), Boston (ACM, New York). The importance of agency, privacy, and power usage. Human Weisz JR, Rothbaum FM, Blackburn TC (1984) Standing out and Comm. Res. 36(3):298–322. standing in: The psychology of control in America and Japan. Swire PP (1997) Markets, self-regulation, and government enforce- Amer. Psych. 39(9):955–969. ment in the protection of personal information. Daley WM, Irving L, eds. Privacy and Self-Regulation in the Information Age Westin AF (1967) Privacy and Freedom (Atheneum, New York). (Department of Commerce, Washington, DC), 3–19. Wetzels M, Odekerken-Schroder G, van Oppen C (2009) Using Tang Z, Hu YJ, Smith MD (2008) Gaining trust through online PLS path modeling for assessing hierarchical construct privacy protection: Self-regulation, mandatory standards, or models: Guidelines and empirical illustration. MIS Quart. caveat emptor. J. Management Inform. Systems 24(4):153–173. 33(1):177–195. TRUSTe (2004) TRUSTe plugs into wireless: TRUSTe’s wire- Xu H, Dinev T, Smith HJ, Hart P (2008) Examining the formation less advisory committee announces ﬁrst wireless privacy of individual’s information privacy concerns: Toward an inte- standards. http://www.truste.org/articles/wireless_guidelines grative view. Proc. 29th Annual Internat. Conf. Inform. Systems _0304.php. (ICIS 2008), Paris, France (AIS, Atlanta). Tsai YJ, Kelly GP, Cranor FL, Sadeh N (2010) Location-sharing tech- Xu H, Dinev, T, Smith HJ, Hart P (2011) Information privacy con- nologies: Privacy risks and controls. I/S: J. Law Policy Inform. cerns: Liking individual perceptions with institutional privacy Soc. 6(2):119–151. assurances. J. Assoc. for Inform. Systems 12(12): 798–824. Turner EC, Dasgupta S (2003) Privacy on the Web: An examination Xu H, Teo HH, Tan BCY, Agarwal R (2010) The role of push-pull of users concerns, technology, and implications for business technology in privacy calculus: The case of location-based ser- organizations and individuals. Inform. Systems Management vices. J. Management Inform. Systems 26(3):135–174. 20(1):8–18. Waldo J, Lin H, Millett LI (2007) Engaging Privacy and Informa- Yamaguchi S (2001) Culture and control orientations. Matsumoto D, tion Technology in a Digital Age (National Academies Press, ed. The Handbook of Culture and Psychology (Oxford University Washington, DC). Press, New York), 223–243. Wallston AK (2001) Conceptualization and operationalization of Zweig D, Webster J (2002) Where is the line between benign perceived control. Baum A, Revenson TA, Singer JE, eds. and invasive? An examination of psychological barriers to the Handbook of Health Psychology (Lawrence Erlbaum Associates, acceptance of awareness monitoring systems. J. Organ. Behav. Mahwah, NJ), 49–58. 23(5):605–633. Downloaded from informs.org by [130.203.152.80] on 19 February 2014, at 06:34 . For personal use only, all rights reserved.